Back in the days of DOS, when everything had to fit in 640KB RAM (give or take), the ability to load device drivers into UMBs and High Memory. Now there were tools you could use, like QEMM or memmaker in MS-DOS 6, but Real Admins did it by hand.
I carried a specially tuned DOS disk around with me, and would whip it out whenever anyone complained that a certain program wouldn't load. Boot off the floppy (with around 630KB conventional memory available after all drivers loaded), run the program with no problem, deliver the classic "It works for me" tech support line, slip the boot disk back into my pocket, and leave the user convinced they're doing something wrong.
Amen. Technology is limited, and the bad guys know where those limits are. Awareness is a huge part of the equation, no matter how much technology you throw at it, and no matter how tight that technology is.
Never underestimate the power of human stupidity. Always remember that a human is in the matrix.
On one level, this makes sense. A vulnerability should be judged by the risk it poses to the system, and security tools and settings can, in some cases, mitigate the risk and should be factored in. So on the surface, rating cross-Microsoft-platform vulnerabilities differently for Vista than XP makes sense, if Vista's security measures in their default or most common configuration are a truly effective mitigation for the vulnerability.
The crux of the matter is determining if the security measure is effective. Who decides? At work, I use MS's ratings as the barest of indicators as to the vulnerability's severity. I look elsewhere, like here on Slashdot, on the Internet Storm Center, Vulnwatch mailing list, to get a better idea of how much attention is being paid to the vulnerability. I look to see if any exploits are in the wild. And I look at our environment, and determine our own risk exposure. A home user might not havve the time/ability/resources to do this sort of checking for themselves, and in that case, they should probably follow MS's advice. But for a business, knee-jerk reactions are rarely the best course.
Perhaps, security-wise, the OS choice really boils down to a 'pick-your-poison X user-base' equation?I'd propose that it makes no difference in the long run. All OSes (or apps in general) have bugs and vulnerabilities. Security-wise, your job is to accept the fact, manage the risk, and make sure it doesn't get out of hand. Dealing with 500 Windows boxen vs. 500 Linux boxen vs. 500 Macs just changes what you need to watch for. You're still sitting on 500 targets, and if the information on those targets is attractive enough, the OS you're running won't matter. You'll still get slammed.
Here in Nevada, we got our Gaming Control Board engineers involved in the process of selecting our electronic voting systems. May seem odd at first glance, but these folks are experts at evaluating complex electronic systems (slot machines) to detect things like back doors and vulnerabilities to fraud or tampering, as well as test for reliability and accuracy. In the end, we went with voting machines from Sequoia Voting Systems that provide a paper trail the voter verifies before the vote is recorded.
My question: Did Nevada get it "right" (or as right as possible given the current state of technology)? Did anyone else?
Two friends and I learned that music well enough to sing it, each of us on a part. To this day, all one of us has to do is start the drum beat, and we can launch into it.
Hmmm.... If you'll excuse me, I have a conference call to make.
If you've got the Netcraft Toolbar installed in IE, it isn't fooled. In the test, even though the address line reads "www.google.com", the toolbat correctly identified the content as coming from Secunia.
Disclaimer: I am not a Netcraft employee, just a satified customer.
Internet access at the places I've worked has been filtered to some degree since the early 90's. It just makes sense - you're in a business, not your living room. The systems and resources are intended for business use. If you employer decides to allow a certain amount of personal use as well (and the smart employers do), they still need to manage that since it introduces risk into the environment.
A review of the site indicates that no specific initiatives are planned to be undertaken by the forum. Instead, it will provide information and provide a place for developers to pose questions, post content, and engage in discussion.
In other words, the purpose of the Open XML Formats Developer Group is to provide FUD to undermine the ODF Alliance's real work and progress, delaying adoption of ODF until such time as Microsoft can release a competing, purportedly open XML format, which they will then poison with proprietary "extensions" that guarantee their continued stranglehold on office applications.
Anyone not see this coming? Anyone?
I had the rare opportunity of pulling our CEO's physical access to the data centers because he had no business need for it. He responded that he liked to take potential clients on tours of the facilities, and the data center part was very impressive to them. I countered that he could still do that (wince), but he and his party would have to be escorted; consider it an opportunity to point out to potential clients how serious we are about security. It worked - he's told me that he has received several comments about it, all good....
You have to couch things like this in ways that they can use to their (and the company's) advantage. "We're more secure" isn't a good enough answer.
In all cases, including "wardriving", there is no legitimate reason to collect the information or listen in.
I beg to differ. As a security professional, part of my job is to assess the risk involved in actions and plans undertaken by my employer. If my employer was thinking about implementing wireless in the office, one of my first acts would be to wardrive the surrounding area (at least a couple miles in all directions), plus similar areas in neighboring cities. Among other things, I'd be looking at the total number of APs in the area, the ratio of open to closed APs, and the concentration around our buildings. Checking other cities would let me see if our area is typical or not. All of this would allow me to assess the environment we'd be entering, how attractive it is to attackers, and how much risk we would be carrying as a result of the implementation.
If I didn't wardrive, I wouldn't have as clear of a picture. I wouldn't have any idea of the exposure to risk. I wouldn't be doing my job.
And if my place of business happens to be in the strip mall down the street from your house, then yes, I would have a very legitimate reason to war drive your block.
Oh, lest I forget - I haven't had a pimple for over 30 years.
This question is far too leading. I think I'd rephrase it as:
Are you prepared to recognize and accept whatever government is elected in Iraq, regardless of its form, bias or view of the United States, if the election is certified by international observers as being fair and uninfluenced?
This brings the candidates to the core of what democracy is supposed to be: the will of the People. If they would only recognize a democratic government friendly to the US, they're more interested in building influence than in supporting democracy.
You are making two distinct assumptions here, the first being, that the males would be the dominant members of this society. As you point out initially, Ginger and Mary Ann (and let's not forget Lovey) are the ones with the in-demand commodities.
Lovey Howell has been around power long enough to recognize where it lies, who has it, and how best to exploit it. And Ginger Grant, being a successful movie star/sex symbol, would know the power she possessed - she certainly used it to her advantage, and most effectively, in a number of episodes. Mary Ann may seem innocent, but she also used her sex appeal a few times, often and well enough to show that she was not completely innocent.
This means that unless the men were willing to restore to outright rape, the women were the ones most likely to be in control.
You second assumption is that we would be seeing purely monogamous pairings. As Marin County, California in the 1980's showed, it ain't necessarily so....
Horrid, horrid movie. Went to see it with three friends (all of us Asimov fans) when it came out. Spent the following 20 minutes tearing it to shreds. Finally, one of the guys working there came up, agreed with us, and suggested that we sneak into the movie that was starting two screens down. First time I ever had a theater employee suggest a freebie....
"Once you're in an urban environment, it strips out a lot of (America's) technology advantages," he said. "It puts you in a fair fight. And you don't want to be in a fair fight."
So why are guerilla tactics used by an opposing force often decried as unfair or underhanded?
I believe John Madden said it best: "All I want is my unfair advantage." If the scales are tipped to my advantage, that's perfectly okay, and I'll make full use of it. But if the other guy has the upper hand, well, that's just not fair, and must be corrected.... Everyone wants to hold the advantage, and will do (or say) anything to convince the world that they should have it.
Nobody ever said "Hey, you know, our military is vastly superior to theirs. Let's even the playing field a little: we'll wear bright red uniforms and march rank and file into the battle while they shoot at us from behind the trees." Instead, the guerilla tactics of the colonists were decried as unfair and underhanded....
I'm no wizard myself, but I'll do my best to explain what I saw.... I'm assuming that grub still runs, and you can get into XP okay - you problem is only booting into linux. Is that correct?
My notebook is dual-boot between XP and FC2. It was the one I upgraded from FC1, and didn't have any boot problems.
The boot problem in my RH9->FC2 upgrade was the following line in/etc/grub.conf:
initrd/initrd-2.6.5-1.358.img
This line was looking for a file in/boot that wasn't created for some reason. When I commented that line out, the system was able to boot. Then I forced a reinstall of the kernel rpm (on disk 1), and the file was created properly.
I believe you can boot off the install CD to a CLI, and make the needed changes (haven't tried it, so I'm not 100% sure). If not, you have a couple options. There is an ISO image for a FC2 rescue CD, about 75MB, that will give you a CLI and automatically mount your installed system under/mnt/sysimage. Or, you can get a bootable image from knoppix, which is a full bootable linux install (including GUI) on a single CD. It's a good idea to have one of these in any event, just in case you need them....
For some reason, there wasn't an initrd-2.6.5-1.358.img file created during the upgrade, but grub was looking for one. When I commented out that line, it booted up successfully. I then reinstalled the kernel rpm, and it created the file this time.
Got an SMC 2835W card. It uses the Prism54 drivers included in the 2.6.5 kernel, so no worries. I had to grab the firmware from www.prism54.org, and it booted right up. And since it's aprt of the kernel, I won't have to recompile every time the kernel gets patched.
Best of all, it's also supported by kismet, while my old card (a Agere-based Proxim Gold) was not.
Slashdot Mirror
Back in the days of DOS, when everything had to fit in 640KB RAM (give or take), the ability to load device drivers into UMBs and High Memory. Now there were tools you could use, like QEMM or memmaker in MS-DOS 6, but Real Admins did it by hand.
I carried a specially tuned DOS disk around with me, and would whip it out whenever anyone complained that a certain program wouldn't load. Boot off the floppy (with around 630KB conventional memory available after all drivers loaded), run the program with no problem, deliver the classic "It works for me" tech support line, slip the boot disk back into my pocket, and leave the user convinced they're doing something wrong.
Ah, good times, good times....
It's what you take when you've got too much peptide, man.
Amen. Technology is limited, and the bad guys know where those limits are. Awareness is a huge part of the equation, no matter how much technology you throw at it, and no matter how tight that technology is.
Never underestimate the power of human stupidity.
Always remember that a human is in the matrix.
On one level, this makes sense. A vulnerability should be judged by the risk it poses to the system, and security tools and settings can, in some cases, mitigate the risk and should be factored in. So on the surface, rating cross-Microsoft-platform vulnerabilities differently for Vista than XP makes sense, if Vista's security measures in their default or most common configuration are a truly effective mitigation for the vulnerability.
The crux of the matter is determining if the security measure is effective. Who decides? At work, I use MS's ratings as the barest of indicators as to the vulnerability's severity. I look elsewhere, like here on Slashdot, on the Internet Storm Center, Vulnwatch mailing list, to get a better idea of how much attention is being paid to the vulnerability. I look to see if any exploits are in the wild. And I look at our environment, and determine our own risk exposure. A home user might not havve the time/ability/resources to do this sort of checking for themselves, and in that case, they should probably follow MS's advice. But for a business, knee-jerk reactions are rarely the best course.
Perhaps, security-wise, the OS choice really boils down to a 'pick-your-poison X user-base' equation?I'd propose that it makes no difference in the long run. All OSes (or apps in general) have bugs and vulnerabilities. Security-wise, your job is to accept the fact, manage the risk, and make sure it doesn't get out of hand. Dealing with 500 Windows boxen vs. 500 Linux boxen vs. 500 Macs just changes what you need to watch for. You're still sitting on 500 targets, and if the information on those targets is attractive enough, the OS you're running won't matter. You'll still get slammed.
On the trip, his guide was Hiro Nakamura, who kept muttering something about cheerleaders....
Here in Nevada, we got our Gaming Control Board engineers involved in the process of selecting our electronic voting systems. May seem odd at first glance, but these folks are experts at evaluating complex electronic systems (slot machines) to detect things like back doors and vulnerabilities to fraud or tampering, as well as test for reliability and accuracy. In the end, we went with voting machines from Sequoia Voting Systems that provide a paper trail the voter verifies before the vote is recorded.
My question: Did Nevada get it "right" (or as right as possible given the current state of technology)? Did anyone else?
Two friends and I learned that music well enough to sing it, each of us on a part. To this day, all one of us has to do is start the drum beat, and we can launch into it.
Hmmm.... If you'll excuse me, I have a conference call to make.
I think Nevada should get "In&Out", given that prostitution is legal here....
If you've got the Netcraft Toolbar installed in IE, it isn't fooled. In the test, even though the address line reads "www.google.com", the toolbat correctly identified the content as coming from Secunia.
Disclaimer: I am not a Netcraft employee, just a satified customer.
Internet access at the places I've worked has been filtered to some degree since the early 90's. It just makes sense - you're in a business, not your living room. The systems and resources are intended for business use. If you employer decides to allow a certain amount of personal use as well (and the smart employers do), they still need to manage that since it introduces risk into the environment.
Yes, but those weren't intentionally funny....
Nuke it from high orbit (in other words, low level format). Repartition, reinstall. It's the only 100% solution.
And then, don't screw up your system.
I had the rare opportunity of pulling our CEO's physical access to the data centers because he had no business need for it. He responded that he liked to take potential clients on tours of the facilities, and the data center part was very impressive to them. I countered that he could still do that (wince), but he and his party would have to be escorted; consider it an opportunity to point out to potential clients how serious we are about security. It worked - he's told me that he has received several comments about it, all good....
You have to couch things like this in ways that they can use to their (and the company's) advantage. "We're more secure" isn't a good enough answer.
"Three prequels ought to be enough for anyone."
George Lucas, 1980
In all cases, including "wardriving", there is no legitimate reason to collect the information or listen in.
I beg to differ. As a security professional, part of my job is to assess the risk involved in actions and plans undertaken by my employer. If my employer was thinking about implementing wireless in the office, one of my first acts would be to wardrive the surrounding area (at least a couple miles in all directions), plus similar areas in neighboring cities. Among other things, I'd be looking at the total number of APs in the area, the ratio of open to closed APs, and the concentration around our buildings. Checking other cities would let me see if our area is typical or not. All of this would allow me to assess the environment we'd be entering, how attractive it is to attackers, and how much risk we would be carrying as a result of the implementation.
If I didn't wardrive, I wouldn't have as clear of a picture. I wouldn't have any idea of the exposure to risk. I wouldn't be doing my job.
And if my place of business happens to be in the strip mall down the street from your house, then yes, I would have a very legitimate reason to war drive your block.
Oh, lest I forget - I haven't had a pimple for over 30 years.
This question is far too leading. I think I'd rephrase it as:
Are you prepared to recognize and accept whatever government is elected in Iraq, regardless of its form, bias or view of the United States, if the election is certified by international observers as being fair and uninfluenced?
This brings the candidates to the core of what democracy is supposed to be: the will of the People. If they would only recognize a democratic government friendly to the US, they're more interested in building influence than in supporting democracy.
Yeah, but sombody needs to teach Akroyd the ins and outs of local pronunciations.
DUNbarton, Dan! DUNbarton!
You are making two distinct assumptions here, the first being, that the males would be the dominant members of this society. As you point out initially, Ginger and Mary Ann (and let's not forget Lovey) are the ones with the in-demand commodities.
Lovey Howell has been around power long enough to recognize where it lies, who has it, and how best to exploit it. And Ginger Grant, being a successful movie star/sex symbol, would know the power she possessed - she certainly used it to her advantage, and most effectively, in a number of episodes. Mary Ann may seem innocent, but she also used her sex appeal a few times, often and well enough to show that she was not completely innocent.
This means that unless the men were willing to restore to outright rape, the women were the ones most likely to be in control.
You second assumption is that we would be seeing purely monogamous pairings. As Marin County, California in the 1980's showed, it ain't necessarily so....
Horrid, horrid movie. Went to see it with three friends (all of us Asimov fans) when it came out. Spent the following 20 minutes tearing it to shreds. Finally, one of the guys working there came up, agreed with us, and suggested that we sneak into the movie that was starting two screens down. First time I ever had a theater employee suggest a freebie....
I believe John Madden said it best: "All I want is my unfair advantage." If the scales are tipped to my advantage, that's perfectly okay, and I'll make full use of it. But if the other guy has the upper hand, well, that's just not fair, and must be corrected.... Everyone wants to hold the advantage, and will do (or say) anything to convince the world that they should have it.
Nobody ever said "Hey, you know, our military is vastly superior to theirs. Let's even the playing field a little: we'll wear bright red uniforms and march rank and file into the battle while they shoot at us from behind the trees." Instead, the guerilla tactics of the colonists were decried as unfair and underhanded....
My notebook is dual-boot between XP and FC2. It was the one I upgraded from FC1, and didn't have any boot problems.
The boot problem in my RH9->FC2 upgrade was the following line in
I believe you can boot off the install CD to a CLI, and make the needed changes (haven't tried it, so I'm not 100% sure). If not, you have a couple options. There is an ISO image for a FC2 rescue CD, about 75MB, that will give you a CLI and automatically mount your installed system under
Hope this helps....
For some reason, there wasn't an initrd-2.6.5-1.358.img file created during the upgrade, but grub was looking for one. When I commented out that line, it booted up successfully. I then reinstalled the kernel rpm, and it created the file this time.
Got an SMC 2835W card. It uses the Prism54 drivers included in the 2.6.5 kernel, so no worries. I had to grab the firmware from www.prism54.org, and it booted right up. And since it's aprt of the kernel, I won't have to recompile every time the kernel gets patched.
Best of all, it's also supported by kismet, while my old card (a Agere-based Proxim Gold) was not.